CVE-2023-27863 MEDIUM

CVE-2023-27863: IBM Spectrum Protect Plus Server information disclosure

Vendor Ibm
Product Spectrum Protect Plus Server
Weakness CWE-200 · Info exposure
Published May 12, 2023
Last update January 23, 2025

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.

Key dates

02Disclosure timeline

May 12, 2023 CVE published
January 23, 2025 Record updated